Merge pull request #11 from kubesphere/dev-ll

Add the "-a" parameter to show more information about the best practice
This commit is contained in:
Forest 2020-12-28 19:02:21 +08:00 committed by GitHub
commit b1dfc53df7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 28 additions and 13 deletions

View File

@ -96,9 +96,8 @@ kube-system Warning coredns Deployment 2020-11-27T1
| :white_check_mark: | PodFileExists | Check for existing files|
| :white_check_mark: | PodTooManyOpenFiles | The number of file /socket connections opened by the program exceeds the system set value|
| :white_check_mark: | PodNoSpaceLeftOnDevice | Check for disk and inode usage|
| | NodeTokenExpired | Token certificate expired|
| | NodeApiServerExpired | kube-apiserver certificate expired|
| | NodeKubeletExpired | Kubelet certificate expired|
| | NodeTokenExpiredPeriod | Check Token expiration period is one month|
| | NodeKubeletExpiredPeriod | Check Kubelet period is one month|
| :white_check_mark: | PodSetCpuRequestsMissing | The CPU Resource Request value was not declared|
| :white_check_mark: | PodSetHostIPCSet | Set the hostIP|
| :white_check_mark: | PodSetHostNetworkSet | Set the hostNetwork|
@ -135,8 +134,7 @@ checks:
customChecks:
imageFromUnauthorizedRegistry:
successMessage: Image from an authorized registriy.
failureMessage: Image from an unauthorized registry.
promptMessage: When the corresponding rule does not match. Show that image from an unauthorized registry.
category: Images
target: Container
schema:
@ -152,7 +150,7 @@ customChecks:
- Save the above rule as a yaml, for example, `rule.yaml`.
- Run kubeye with `rule.yaml`
```shell
root:# ke fault -f rule.yaml --kubeconfig ~/.kube/config
root:# ke diags -f rule.yaml --kubeconfig ~/.kube/config
NAMESPACE SEVERITY NAME KIND TIME MESSAGE
default Warning nginx Deployment 2020-11-27T17:18:31+08:00 [imageFromUnauthorizedRegistry]
kube-system Warning node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]

View File

@ -1,4 +1,3 @@
#successMessage: CPU limits are set
promptMessage: CPU limits should be set
category: Resources
target: Container

View File

@ -23,12 +23,13 @@ import (
)
var config string
var allInformation bool
var auditCmd = &cobra.Command{
Use: "diags",
Short: "diagnostic information from the cluster",
Run: func(cmd *cobra.Command, args []string) {
err := validator.Cluster(config, cmd.Context())
err := validator.Cluster(config, cmd.Context(), allInformation)
if err != nil {
fmt.Println(err)
}
@ -39,4 +40,5 @@ func init() {
rootCmd.AddCommand(auditCmd)
pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
auditCmd.Flags().BoolVarP(&allInformation, "all", "a", false, "Show more specific information")
}

View File

@ -34,6 +34,3 @@ func Execute() {
os.Exit(1)
}
}
func init() {
rootCmd.PersistentFlags().BoolVar(&Verbose, "debug", true, "Print detailed information")
}

View File

@ -28,7 +28,7 @@ import (
"time"
)
func Cluster(configuration string, ctx context.Context) error {
func Cluster(configuration string, ctx context.Context, allInformation bool) error {
k, err := kube.CreateResourceProvider(ctx)
if err != nil {
return errors.Wrap(err, "Failed to get cluster information")
@ -117,13 +117,32 @@ func Cluster(configuration string, ctx context.Context) error {
if len(goodPractice) != 0 {
fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
for _, goodpractice := range goodPractice {
var message []string
if allInformation {
for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
message = append(message, tmpMessage.Message, "")
}
if len(goodpractice.Results) != 0 {
for _, tmpResult := range goodpractice.Results {
if tmpResult.Success == false {
message = append(message, tmpResult.Message, "")
}
}
message = message[:len(message)-1]
} else {
message = message[:len(message)-1]
}
} else {
message = goodpractice.Message
}
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
goodpractice.Namespace,
goodpractice.Severity,
goodpractice.Name,
goodpractice.Kind,
goodpractice.CreatedTime,
goodpractice.Message,
message,
)
fmt.Fprintln(w, s)
continue